Mozilla has backtracked on its move to disable a Microsoft add-on tied to a
security vulnerability.
After placing the Microsoft
.NET Framework Assistant on a block list due to concerns about a Microsoft
vulnerability (CVE-2529), Mozilla said Oct. 18 it will re-enable the . NET
Framework Assistant for Firefox users.

"We received confirmation from Microsoft this evening that the
Framework Assistant add-on is not a mechanism for exploiting the
vulnerabilities detailed in the earlier post, so we've removed it from the
block list," blogged
Michael Shaver, vice president of engineering at Mozilla. "As the
block list update propagates to clients, the add-on should be re-enabled for
users who had it previously enabled."

Microsoft had warned Firefox users Oct. 16 that they were vulnerable to attack
if they had not applied MS09-054, which
was part of the massive
Patch Tuesday update for October. Mozilla also added the Windows
Presentation Foundation plug-in to the block list. For the moment, that plug-in
will remain on the list, Shaver stated in his post.
"We're hard at work on improving the experience for (especially
enterprise) users who wish to override the blocking of the WPF plug-in before
we remove it from the blocklist, and I'm working on a post to clarify the
events of the past few days," Shaver wrote. "We (especially I)
appreciate your patience and support as we work to keep our users safe and
comfortable with all the tools at our disposal."